CVE-2019-2958OS Command Injection in Corporation Java

CWE-78OS Command Injection6 documents6 sources
Severity
5.9MEDIUMNVD
EPSS
1.2%
top 21.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Netapp E-series Santricity OS ControllerOracle Corporation JavaDebian Linux+3 more
Timeline
PublishedOct 16
Latest updateMay 24

Description

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

CVEListV5oracle_corporation/javaJava SE Embedded: 8u221, Java SE: 7u231, 8u221, 11.0.4, 13+1
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3
NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 8.0

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-jf28-jj52-6jmf: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)2022-05-24
CVEList
CVE-2019-2958: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries)2019-10-16

📋Vendor Advisories

2
Red Hat
OpenJDK: Incorrect escaping of command line arguments in ProcessImpl on Windows (Libraries, 8221858)2019-10-15
Debian
CVE-2019-2958: openjdk-11 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (compon...2019

💬Community

1
Bugzilla
CVE-2019-2958 OpenJDK: Incorrect escaping of command line arguments in ProcessImpl on Windows (Libraries, 8221858)2019-11-28
CVE-2019-2958 — OS Command Injection | cvebase